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Basic Configuration Commands 


Chapter 1 System Management Commands 


1.1 Commands for Managing Configuration Files 


Commands for managing configuration files are shown in the following: 


© copy 

® delete 

@ dir 

®@ ip address 
®@ ip route 


@ write 


@ show configuration 


®@ format 
@® more 
1.1.1. copy 
Syntax 


To read files from the TFTP server to the switch, run copy. 
copy tftp[:filename] {flash[:filename] | rom[:filename}} [ip_addr] 


Parameters 


Parameters 


Description 


tftp[:filenam] 


Reads files from the TFTP server. The filename 
parameter shows the corresponding file name. If the 
filename parameter is not designated, you are 
prompted to enter the file name after the copy 
command is run. 


flash[:filename] 


Writes files into the flash of the OLT. The filename 
parameter shows the corresponding file name. If the 
filename parameter is not designated, you are 
prompted to enter the file name after the copy 
command is run. 


rom[:filename] 


Updates the bootrom of the OLT. 


ip_addr 


Means the IP address of the TFTP server. If this 
parameter is not designated, you are prompted to 
enter the IP address after the copy command is run. 
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Default Value 

None 
Command Mode 

Monitoring Mode, Privileged mode 
Usage Guidelines 

None 


Example 


The following example shows how to copy the switch.bin files from the TFTP server 
to the flash of the OLT. 


monitor#copy tftp:switch.bin flash:switch.bin 192.2.2.1 


Related Command 
None 


1.1.2 delete 


Syntax 


To delete a file, run delete. 
delete file-name 


Parameters 
Parameters Description 
file-name Means a file name with up to 20 characters. 


Default Value 
If the file name is not entered, the startup-config files will be deleted by default. 
Command Mode 
Monitoring Mode, privileged mode 
Usage Guidelines 
None 
Related Command 


None 
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1.1.3. dir 


Syntax 


To display a file and a directory, run dir. 
dir file-name 


Parameters 
Parameters Description 
file-name Means a file name with up to 20 characters. 


Default Value 
None 
Command Mode 
Monitoring Mode, privileged mode 
Usage Guidelines 
None 
Related Command 
None 
Example 


monitor# dir 


Listing Directory /: 


maple.blob <FILE> 6328554 
startup-config <FILE> 4714 
config.db <FILE> 10240 
switch.bin <FILE> 9336989 


free space is 17260544 bytes 


1.1.4 ip address 


Syntax 


Jan 01 00:01:34 1970 
Jan 01 00:04:24 1970 
Jan 01 00:04:30 1970 
Jan 01 00:03:16 1970 


To designate the IP address of the Ethernet port, run ip address in the monitoring mode. 


ip address jp-address mask 
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Parameters 
Parameters Description 
ip-address IP address 
mask Mask of the IP network 


Default Value 

None 
Command Mode 

Monitoring Mode, vian port configuration mode 
Usage Guidelines 

None 


Example 
monitor#ip address 192.168.1.1 255.255.255.0 


Related Command 


ip route 
ping 
1.1.5 ip route 
Syntax 


To designate a default gateway, run ip route in the monitoring mode. 
ip route default gw_ip addr 


Parameters 
Parameters Description 
gw_ip_addr Stands for a default gateway address. 


Default Value 
None 
Command Mode 


Monitoring Mode, global configuration mode 
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Usage Guidelines 

None 
Example 

monitor#ip route default 192.168.1.3 

Related Command 

ip address 

1.1.6 write 

Syntax 


To save the current configuration file, run the following command. 


write [all | database | ifindex | vos-config] 


Parameters 
Parameters Description 
all Save all the configuration files 
database Save the database configuration 
ifindex Save the current ifindex 
vos-config Save the pre configuration 


Default Value 
If no parameter is entered, save the configuration file startup-config and database by default. 
Command Mode 
Privileged mode or global configuration mode 
Usage Guidelines 
None 
Example 
None 
Related Command 


show configuration 
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1.1.7. show configuration 


Syntax 


To display the current configuration file of the system, run show configuration. 
show configuration 


Parameters 
None 

Default Value 
None 

Command Mode 
Other modes except the non-user mode 

Usage Guidelines 
None 

Example 
None 

Related Command 
None 


1.1.8 format 


Syntax 


To format the file system, run format in EXEC mode. 
format 


Parameters 
None 

Default Value 
None 

Command Mode 


Monitoring mode, privileged mode 
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Usage Guidelines 

If the format command is used, all files in the file system will be lost. 
Example 

None 
Related Command 

None 


1.1.9 more 


Syntax 


To display the content of a file, run more in EXEC mode. 
more _file-name 


Parameters 
Parameters Description 
file-name Means a file name with up to 20 characters. 


Default Value 
None 
Command Mode 
Privileged mode, monitoring mode 
Usage Guidelines 


If all characters in the file are legible, they are displayed in the ASCII code; otherwise, it will be 
displayed in the binary system. 


Example 
None 
Related Command 
None 
1.2 Basic System Management Commands 


Basic System Management Commands 


® bootflash 


Basic Configuration Commands 


® cd 

® chinese 

® chram 

® date 

® english 

® md 

@ pwd 

@ rd 

® rename 

@ reboot 

® alias 

® boot system flash 
@ help 

@ history 

@® show 

@ show alias 
@® show break 


® show memory 
1.2.1. boot flash 


Syntax 


To start a device from the designated file in the monitoring mode, run the following command. 


boot flash filename 


Parameters 
Parameters Description 
filename Stands for the name of the designated file. 


Default Value 
None 

Command Mode 
Monitoring Mode 

Usage Guidelines 


After a user enters the monitor state, you can use this command to start a device. 
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Example 
monitor#boot flash switch.bin 
Related Command 
None 
1.2.2 cd 


Syntax 


To change the current directory, run the following command in the monitoring mode. 


cd_ directory\.. 


Parameters 
Parameters Description 
directory Means a file name with up to 20 characters. 


Parent directory 


Default Value 
None 
Command Mode 
Monitoring Mode, privileged mode 
Usage Guidelines 
None 
Example 
monitor#cd my_dir 
Related Command 
pwd 
1.2.3. chinese 
Syntax 


To switch the command prompt to Chinese mode, use the chinese command. 
chinese 
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Parameters 
None 


Default Value 
None 

Command Mode 
Any Mode 

Usage Guidelines 
None 

Example 
None 

Related Command 
None 


1.2.4 date 


Syntax 


To set system absolute time, run command "date". 
date 


Parameters 
None 
Default Value 
None 
Command Mode 
Monitoring Mode, privileged mode or global configuration mode 
Usage Guidelines 


The command can be used to set the absolute time for the system. For the OLT with a 
battery-powered clock, the clock will be powered by the battery. If the clock doesn't keep good 
time, you need to change the battery. 

For the OLT without a battery-powered clock, the system date is configured to Jan 1st,1970 
after the reboot of the OLT, and user needs to set the current time each time when starting the 
OLT. 
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Example 


monitor# date 

The current date is 1970-1-1 4:6:50 

Enter the new date(yyyy-mm-dd):2016-03-03 
Enter the new time(hh:mmiss):18:04:30 


Related Command 
None 


1.2.5 english 


Syntax 


To switch the command prompt to english mode, use the english command. 
english 


Parameters 
None 

Default Value 
None 

Command Mode 
Any Mode 

Usage Guidelines 
None 

Example 
None 

Related Command 
None 

1.26 md 
Syntax 


To set up a directory, run the following command. 
md_ directory 
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Parameters 
Parameters Description 
directory Means a file name with up to 20 characters. 


Default Value 
None 
Command Mode 
Monitoring Mode, privileged mode 
Usage Guidelines 
The command can be used to set a directory. 
Related Command 
None 


1.2.7 pwd 


Syntax 


To show the current directory, run the following command. 


pwd 
Parameters 
None 
Default Value 
None 
Command Mode 
Monitoring Mode, privileged mode 
Usage Guidelines 
The command can be used to display the current directory. 
Related Command 


None 
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1.2.8 rd 


Syntax 


To delete a directory, run the following command. 
rd_ directory 


Parameters 
Parameters Description 
directory Means a file name with up to 20 characters. 


Default Value 

None 
Command Mode 

Monitoring Mode, privileged mode 
Usage Guidelines 


The system prompts if the directory is not empty. The system prompts if the directory doesn’t 
exist. To delete a command, use the rd command. 


Related Command 
None 


1.2.9 rename 


Syntax 


To rename a file in a file system, use the rename command. 
rename ojld_file_name new_file_name 


Parameters 
Parameters Description 
old_file_name The original filename. 
new_file_name The new filename. 


Default Value 


None 
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Command Mode 

Monitoring Mode, privileged mode 
Usage Guidelines 

None 
Related Command 

None 


1.2.10 reboot 
Syntax 


To reboot the OLT, run the following command. 
reboot [noconfirm] 


Parameters 
None 
Default Value 
None 
Command Mode 
Monitoring Mode, privileged mode 
Usage Guidelines 
The command can be used to reboot the OLT. 
Related Command 
None 


1.2.11 alias 
Syntax 


To name the alias, run the following command. 
alias [alias_name ] [command_line] 


Parameters 
Parameters Description 
alias_name Name the alias name. 
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command _line The command of naming the alias name. 


Default Value 
None 
Command Mode 
Global Configuration mode 
Usage Guidelines 


The command can be used to replace "command_line" with "alias _name". For instance, alias 
update1 copy tftp: switch.bin flash:switch.bin 10.168.30.188. The command " copy tftp: 
switch.bin flash:switch.bin 10.168.30.188 " will automatically run on the OLT only update 1 is 
input. 


Example 


Replace command " copy tftp: switch.bin flash:switch.bin 10.168.30.188" with "update1". 
Switch_config# alias update1 copy tftp: switch.bin flash:switch.bin 10.168.30.188 


Related Command 
None 
1.2.12 boot system flash 
Syntax 


To designate the systematic mirror file that will be executed when the system is started, run the 
following first command; to cancel this settings, run the following second command. 

boot system flash filename 

no boot system flash [filename] 


Parameters 
Parameters Description 
filename Means a file name with up to 20 characters. 


Default Value 
None 
Command Mode 


Global configuration mode 
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Usage Guidelines 


If the user doesn't configure the command, the system will execute the first system mirror file 
of the flash file system. If the user configures with multiple commands, the system executes 
the mirror documents in turn. If the document doesn't exist or occurs mirror. The next file will be 
executed consecutively. If the file doesn't run successfully, the system enters the monitor 


mode. 


Example 


The following example shows when starting the system how to set the system mirroring file to 
Switch_config#boot system flash switch.bin 


Related Command 


None 


1.2.13 


help 


Syntax 


help 


Parameters 


None 


Default Value 


None 


Command Mode 


Any mode 


Usage Guidelines 


The command can be used to show the help system of the OLT. 


Example 


The following example shows how to show the help system of the OLT. 


switch# help 


Help may be requested at any point in a command by entering a question mark '?' If 
nothing matches, the help list will be empty and you must backup until entering a '?' 
shows the available options. 


Two styles of help are provided: 


1. Full help is available when you are ready to enter a command 
argument(e.g.'show ?') and describes each possible argument. 


2. Partial help is provided when an abbreviated argument is entered and you want 
to know what arguments match the input (e.g. ‘interface e?’.) 


- 16 


Basic Configuration Commands 


Related Command 
None 
1.2.14 history 
Syntax 


To show history command, run the following command. To return to the default setting, use the 
no form of this command. 
[no] history [ + <count> | - <count> | clear] 


Parameters 
Parameters Description 
+ <count> To display the count<1-20> historical 
command from_ the beginning to the end. 
- <count> To display the count<1-20> historical 
command from _ the end to the beginning. 


Default Value 


If there are no more than 20 commands executed, all historical command lines will be 
displayed from the beginning to the end. If there are more than 20 commands executed, all 
historical command lines will be displayed from the beginning to the end. 


Command Mode 
Any command mode except the monitoring mode 
Usage Guidelines 


The OLT can save up to 20 historical commands. You can invoke these commands with the 
"up" or “down” key or directly use it after edition. The command can be used to browse the 
history command. You can run the [no] history command to delete the history command. 


Example 


The following example shows how to display the latest 5 history commands from the end to the 
beginning. 

switch#history - 5 

config 

int gp01/1 

no ip addr 

ip addr 192.2.2.49 255.255.255.0 

exit 
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Related Command 
None 
1.2.15 show 
Syntax 


To display the relevant information of the system, which or specific ones of which can be 
filtered through the filter, run the following command: 

show <sub-command> [ | {begin | include | exclude | redirect} <WORD> [SEPARATOR 
WORD]] 


Parameters 
Parameters Description 

sub-command Stands for a child command. 

| Uses the output filter. 

begin Means to show the result of the show command 
starting with a specific word. 

include Means to show the lines of the result of the show 
command containing a specific word. 

exclude Means not to show the lines of the result of the 
show command containing a specific word. 

redirect Redirects the result of the show command to the file 
in the designated file system. 

WORD Stands for a designated word, which is the 
designated filename as to the redirect command. 

SEPARATOR Stands for the designated separator, which is space 

WORD by default to separate the words. 


Default Value 

None 
Command Mode 

Other modes except the user mode 
Usage Guidelines 


This command can be used to filter the useless information in the result of the show command, 
especially when the result is too much to read. For example, if you want to browse a 
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designated MAC address in an MAC address table, which contains a lot of MAC addresses, 
this command will give you convenience for you. 


Example 
The following example shows how to display the lines, in which the word “interface” 
is contained, in the result of show running-config. 
Switch#show running-config | include interface 
Building configuration... 


Current configuration: 
| 
mirror session 1 source interface gpon0/2 tx 
permit igmp 1.1.1.1 255.255.255.0 interface GigaEthernet0/1 
interface Port-aggregator1 
interface Null 
interface GigaEthernet0/0 
interface GigaEthernet0/1 
interface GigaEthernet0/2 
interface GigaEthernet0/3 
interface GigaEthernet0/4 
interface GigaEthernet0/5 
interface GigaEthernet0/6 
interface GigaEthernet0/7 
interface GigaEthernet0/8 
interface TGigaEthernet0/1 
interface TGigaEthernet0/3 
interface TGigaEthernet0/4 
interface GPONO/1 
interface GPONO/1:1 
interface GPONO/1:2 
interface GPONO/2 
interface GPONO/2:1 
interface GPONO/2:2 
interface GPONO/3 
interface GPONO/4 
interface GPONO/4:1 
interface GPONO/5 
interface GPONO/6 
interface GPONO/7 
interface GPONO/8 
interface GPONO/9 
interface GRPONO/10 
interface GPONO/11 
interface GPONO/12 
interface GPONO/13 
interface GPONO/14 
interface GRPONO/15 
interface GPONO/16 
interface VLAN1 
interface SuperVLANS 
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Related Command 


1.2.16 show alias 
Syntax 


To display all aliases or the designated alias, run the following command. 
show alias [<alias name>] 


Parameters 
Parameters Description 
alias name Name the alias name. 


Default Value 
Display all aliases according the format “alias name=command line”. 
Command Mode 
Other modes except the non-user mode 
Usage Guidelines 
None 
Example 


The following example shows how to display all aliases of the current system: 
switch_config#show alias 
hualab=date 
router=snmp 


Related Command 
alias 
1.2.17 show break 
Syntax 


To display the abnormal information of the system, run the following command. The system 
stores all abnormal information in the latest running. The abnormal information contains the 
times of abnormity, the stack content and the invoked functions when abnormity occurs. 

show break 
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Parameters 
None 
Default Value 
None 
Command Mode 
Monitoring Mode, global configuration mode 
Usage Guidelines 
The command is only used for debugging. 


Example 


The following example shows how to display the system abnormal information: 


switch_config#show break 
System OK,No break info 


Related Command 
None 
1.2.18 | show memory 
Syntax 


To show the system memory, run the following command. 
show memory type mem_addr 


Parameters 
Parameters Description 
mem_adadr The hex system memory address, the value 
ranges from O to OxO1FFFFOO (It is determined by 
the OLT memory). 
type Memory type 
Default 
None 


Command Mode 


Privileged mode 
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Usage Guidelines 
None 
Related Command 


None 
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Chapter 2 Terminal Service Configuration Commands 


2.1 Telnet Configuration Commands 


The chapter describes telnet and relative commands. The telnet command is used to establish 
a session with the remote server. The telnet command is always working at the UNIX operating 
systems. Option negotiation is required. Telnet does not provide itself the login authentication. 
Telnet is different from Rlogin because telnet does not provide itself password check. 
The telnet configuration commands include: 

@ telnet 

@ ip telnet 

@ where 

® connect 

® disconnect 

@® resume 

® clear Telnet 

® show Telnet 

@ debug Telnet 


2.2 telnet 
Syntax 


To establish a telnet session, run the following command: 
telnet server-ip-addr/server-host-name [/port port | [/source-interface interface | /local 
local-ip-addr] | /debug | [/echo | /noecho] | /script scriptname] 


Parameters 
Parameters Description 
server-ip-addr Dotted-decimal IP address of the remote server 


Name of the remote server, which is configured by 
server-host-name : 
the ip hostcommand 


Port Telnet port of the remote server 
; Local interface where the telnet connection is 
interface A 
originated 
local-ip-addr Local IP address where the telnet connection is 
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originated 

A negotiation process for enabling the debug at the 
/debug . ; nts ‘ 

client side and printing the connection 
/echo Enable or disable the local echo. The default value 
/noecho is noecho. 
scriptname Ascript name used for auto login 


Default Value 

The default port number is 23. The interface has no default number. 
Command Mode 

User mode, privileged mode, global configuration mode 
Usage Guidelines 


You can use one of the following command lines to establish a remote login. 
telnet server-ip-addr/server-host-name 
In this case, the application program directly sends the telnet login request to port 23 of the 
remote server. The local IP address is the IP address which is nearest to the peer and found by 
the routing table. 
telnet server-ip-addr/server-host-name /port port 
In this case, the application program sends a telnet login request to the port of the peer. 
telnet server-ip-addr/server-host-name /source-interface interface 
In this case, the application program uses the IP address on the interface ass the locallP 
address. 
telnet server-ip-addr/server-host-name /debug 
In this case, the application program opens the debug and exports the connection at the client 
side. 
telnet server-ip-addr/server-host-name echo/noecho 
In this case, the application program enables or disables the local echo. The local echo is 
disabled by default. Only when the server is not in charge of echo is the local echo enabled. 
telnet server-ip-addr/server-host-name /script scriptname 
Before executing the automatic login command of the script, run the command ip telnet script 
to configure the script. 
The previous commands can be used together. 
During the session with the remote server, you can press the Q button to exit the session. If the 
session is not manually quit, the session will be complete after a10-second timeout. 


Example 


Suppose you want to telnet server 192.168.20.124, the telnet port of the server is port 23 and 
port 2323, and the local one interface is f1/1(192.168.20.240). You can run the following 


S74 


operations to complete the remote login. 

Switch# telnet 192.168.20.124 /port 2323 

In this case, the telnet connection with port 2323 of the peer is to be established. The local IP 
address of the peer is 192.168.20.240. 


Switch# telnet 192.168.20.124 /source-interface f1/1 
In this case, the telnet connection with port 23 of the peer is to be established. The local IP 
address of the peer is 202.96.124.240. 


Switch# telnet 192.168.20.124 /local 192.168.20.240 
In this case, the telnet connection with port 23 of the peer is to be established. The local IP 
address of the peer is 192.168.20.240. 


Switch# telnet 192.168.20.124 Idebug 
In this case, the telnet connection negotiation with port 23 of the peer will be printed out. 


Switch# telnet 192.168.20.124 /echo 
In this case, the local echo is enabled. If the echo is also enabled at the server side, all input 
will be echoed twice. 


Switch# telnet 192.168.20.124 /script s1 
Use login script S1 for automatic login. 


2.2.1 ip telnet 


Syntax 


To establish a telnet session, run the following command. 

ip telnet source-interface vlan value 

ip telnet access-class accessiist 

ip telnet listen-port start-port [end-port] 

ip telnet max-user user-limit 

ip telnet script scriptname ‘user_prompt’ user_answer ‘pwd_prompt’ pwd_answer 


To cancel the configuration of the telnet dialogue, run the following command. 
no ip telnet {Source-interface | access-class | listen-port stfart-port [end-port] | script scriptname 
| max-user} 


Parameters 
Parameters Description 
Local interface where the telnet request is 
value ts 
originated 
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Access list name to limit the source address when 


accesslist : : ; 

the local client receives the connection 

Starting port number designated at the listening port 
Sstart-port 

area 

End port number designated at the listening port 
end-port 

area 
scriptname Name of the login script 

as The maximum user number for simultaneous login. 

user-limit 


The number ranges from 0 to 63. 0 means no limit. 


user_prompt 


Username prompt returned by the telnet server 


user_answer 


Username response information from the client side 


pwd_prompt 


Password prompt returned by the telnet server 


pwd_answer 


Password response information submitted by the 
client side 


Default Value 


None 


Command Mode 


Global configuration mode 


Usage Guidelines 


@ Run the following command to configure the local interface for originating the 


telnet connection: 


ip telnet source-interface interface 

In this case, all telnet connections originated afterwards are through the 
interface. The configuration command is similar to the command telnet 
source-interface interface. However, the telnet command has no interface 
parameters followed. When the _ interface is configured and_ the 
telnet command has _ interface parameters, the interface followed the 
telnet command is used. 


@ Run the following command to configure the name of the access list which 


performs limitation on local telnet connection reception. 


ip telnet access-class accesslist 


In this case, the access list will be checked when the server accepts all telnet 
connections. 


@ Run the following command to configure a port, except the default port 23, to 


receive the telnet service. 


ip telnet listen-port sfart-port [end-port] 
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Note: If the end port number is not designated, the listening will be executed 
at a specific port. The number of the designated ports cannot be bigger than 
16 and the port number ranges between 3001 and 3999. 


@ Run the following command to configure the telnet login script. 


ip telnet script s1 ‘login:’ switch ‘Password:’ test 


Note: When the script is configured, the username prompt and password 
prompt and their answers must be correctly matched, especially the prompt 
information is capital sensitive and has inverted comma (”). If one of them is 
wrongly configured, the automatic login cannot be performed. 


Note: 


You can add the NO prefix on the above four commands and then run them to 
cancel previous configuration. 


Example 


1. Switch_config# ip telnet source-interface f1/1 
In this case, the s1/0 interface will be adopted to originate all telnet connections afterwards. 


2. Switch_config# ip telnet access-class abc 
In this case, all the received telnet connections use access list abc to perform the access list 
check. 


3. Switch_config# ip telnet listen-port 3001 3010 
Except port 23, all ports from port 3001 to port 3010 can receive the telnet connection. 


4. Switch_config# ip telnet scripts1 ‘login:’ switch ‘Password:’ test 
The login script s1 is configured. The username prompt is login: and the answer isswitch. The 
password prompt is Password: and the answer is test. 


2.2.2 ctrl-shift-6+x (the current connection is mounted) 
Syntax 


To mount the current telnet connection, run the following command: 
ctrl-shift-6+x 


Parameters 
None 

Default Value 
None 

Command Mode 


Any moment in the current telnet session 
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Usage Guidelines 
You can use the shortcut key to mount the current telnet connection at the client side. 


Example 


switchA>telnet 192.168.20.1 

Welcome to Multi-Protocol 2000 Series switch 
switchB>ena 

switchB#(press ctrl-shift-6+x) 

switchA> 


You press ctrl-shift-6+x to mount the telnet connection to switch B and return to the current 
state of switch A. 


2.2.3 where 


Syntax 


To check the currently mounted telnet session, run the following command: 
where 


Parameters 
None 
Default Value 
None 
Command Mode 
Global configuration mode, user mode, privileged mode 
Usage Guidelines 


The command can be used to check the mounted outward telnet connection at the client side. 
The displayed information contains the serial number, peer address, local address and local 
port. 


Note: 


The where command is different from the show telnet command. The former is 
used at the client side and the displayed information is the outward telnet 
connection. 


Example 


switchA>telnet 192.168.20.1 

Welcome to Multi-Protocol 2000 Series switch 
switchB>ena 

switchB#(press ctrl-shift-6+x) 

switchA> telnet 192.168.20.2 


- 28 


Welcome to Multi-Protocol 2000 Series switch 


switchC>ena 
switchC#(press ctrl-shift-6+x) 
switchA>where 
NO. Remote Addr Remote Port Local Addr Local 
Port 

1 192.168.20.1 23 192.168.20.180 
20034 

2 192.168.20.2 23 192.168.20.180 
20035 


Enter where at switch A. The mounted outward connection is displayed. 


2.2.4 resume 


Syntax 


To resume the currently mounted outward telnet connection, run the following command: 
resume no 


Parameters 
Parameters Description 
a Number of the currently mounted telnet session that 
is checked through the where command 


Default Value 

None 
Command Mode 

Global configuration mode, user mode, privileged mode 
Usage Guidelines 


The command can be used to resume the currently mounted outward telnet connection at the 
client side. 


Example 


switchA>telnet 192.168.20.1 

Welcome to Multi-Protocol 2000 Series switch 
switchB>ena 

switchB#(press ctrl-shift-6+x) 

switchA> telnet 192.168.20.2 

Welcome to Multi-Protocol 2000 Series switch 
switchC>ena 

switchC#(press ctrl-shift-6+x) 
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switchA>where 


NO. Remote Addr Remote Port Local Addr Local 
Port 

1 192.168.20.1 23 192.168.20.180 
20034 

2 192.168.20.2 23 192.168.20.180 
20035 


switchA>Resume 1 
[Resuming connection 1 to 192.168.20.73 ... ] 
(enter) 
switchB# 
After you enter where at switch A and the mounted outward connection of switch A is displayed, 
enter Resume1.You will be prompted that connection 1 is resumed. The command prompts of 
switch B are displayed after the Enter key is pressed. 


2.2.5 connect 
Syntax 


To connect telnet server, run the following command. 


connect server-ip-addr/server-host-name [/port port | /script script | 
[/source-interface interface | /local /ocal-ip-addr]]* 


Parameters 


Parameters Description 


server-ip-addr/server-host-nam 
e 


Server IP address or server host name 


port Port number, the value ranges from 0 to 65535 
interface The interface name of triggering the connection 
local-ip-addr The local IP address of triggering connection 
script script name 


Command Mode 
Global configuration mode, user mode, privileged mode 
Example 


switch# connect 192.168.20.1 
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2.2.5 disconnect 


Syntax 


To clear the currently mounted outward telnet session, run the following command: 
disconnect no 


Parameters 
Parameters Description 
fe Number of the currently mounted telnet session that 
is checked through the where command 


Default Value 

None 
Command Mode 

Global configuration mode, user mode, privileged mode 
Usage Guidelines 


The command can be used to clear the currently mounted outward telnet connection at the 
client side. 


Note: 
The disconnect command is different from the clear telnet command. The former 
is used at the client side and clears the outward telnet connection.The latter is used 
at the server and clears the inward telnet connection. 
Example 
switchA>where 
NO. Remote Addr Remote Port Local Addr Local Port 
1 192.168.20.1 23 192.168.20.180 20034 
2 192.168.20.2 23 192.168.20.180 20035 


switchA>disconnect 1 
<Closing connection to 192.168.20.1> <y/n>y 


Connection closed by remote host. 
After you enter where at switch A and the mounted outward connection of switch A is displayed, 
enter disconnect 1. You will be prompted whether the connection of switch B is closed. After 
you enter Y, the connection is closed. 
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2.2.6 clear telnet 


Syntax 


To clear the telnet session at the server, run the following command: 
clear telnet no 


Parameters 
Parameters Description 
Number of the telnet session that is displayed after 
no 
the show telnet command is run 


Default Value 
None 
Command Mode 
Privileged mode 
Usage Guidelines 
The command can be used to clear the telnet session at the server. 
Example 


Switch# clear telnet 1 
The telnet session whose sequence number is 1 is cleared at the server 
(192.168.20.220:1097). 


2.2.7 show telnet 


Syntax 


To display the telnet session at the server, run the following command: 


show telnet 


Parameters 
None 

Default Value 
None 

Command Mode 


All command modes except the user mode 
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Usage Guidelines 


The command can be used to display the telnet session at the server. The displayed 
information includes the sequence number, peer address, peer port, local address and local 
port. 


Example 


Switch# show telnet 
If you run the previous command, the result is shown as follows: 


NO. Remote Addr Remote Port Local Addr Local 
Port 

1 192.168.200.220 1097 192.168.20.240 
23 

2 192.168.20.180 14034 192.168.20.240 
23 


2.2.8 debug telnet 


Syntax 


The following is a format of the debug command for the telnet session: 
To enable the debug information output of telnet, run the following command: 
debug telnet 
To disable the debug information output of telnet, run the following command: 


no debug telnet 

Parameters 
None 

Default Value 
None 

Command Mode 
Privileged mode 

Usage Guidelines 


The command can be used to enable the switch of the telnet debug. 

If the switch of the telnet debug is enabled, the negotiation processes of all the incoming telnet 
sessions are printed on the window that the debug command invokes. The debug telnet 
command is different from the telnet debug command. The former is to export the debug 
information of the telnet session connected to the server. The latter is to export the debug 
information of the telnet session that the client originates. 
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Example 


The debug information of the telnet session that is connected to the server is displayed: 
Switch# debug telnet 


2.3 Terminal Configuration Commands 


The terminal configuration commands include: 
@ line 
® attach-port 
® autocommand 
®@ clear line 
® connect 
® disconnect 
@® exec-timeout 
@ length 
® width 
®@ location 
@ login authentication 
® monitor 
@ no debug all 
® password 
@® show debug 
® show line 
® terminal length 
® terminal monitor 
® terminal width 


@ terminal type 
2.3.1 line 


Syntax 


To enter the line configuration mode, run the following command: 
line {console number |vty first-number [last-number]} 


Parameters 
Parameters Description 
console Monitoring line, which has only one number 0 


vty Virtual lines such as Telnet, PAD and Rlogin 


number Number in the line of the type 


first-number Line start number, the value ranges from 0 to 31. 


last-number Line end number, the number is larger than the start 
number. Its maximum value is 31/ 


Command Mode 
Global configuration mode 
Usage Guidelines 

None 
Example 


The following example shows how to enter the line configuration mode of VTY 0 to 10. 
switch_config#line vty 0 10 


2.3.2 attach-port 
Syntax 


To bind the telnet listening port to the line vty number and enable the telnet connection at a 
specific port generates vty according to the designated sequence number, run the following 
command. 

attach-port PORT 

To cancel telnet listening port and line vty number binding, run the following command. 

no attach-port 


Parameters 


Parameters Description 


port Listening port of the telnet server (3001-3999) 


Default Value 
None 
Command Mode 


Virtual line configuration mode 
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Usage Guidelines 
None 
Example 


Bind listening port 3001 to line vty 2 3: 
switch_config# line vty 2 3 
switch_config_line#attach-port 3001 


2.3.2 autocommand 
Syntax 


To set the automatically-run command when user logs in to the terminal, run the following 
command. The connection is cut off after the command is executed. 
autocommand LINE 


no autocommand 


Parameters 
Parameters Description 
LINE Command to be executed 


Command Mode 
Line configuration mode 

Usage Guidelines 
None 

Example 


After you successfully log in, the host whose X.121 address is 123456 will 
be automatically padded. 


switch_conf#line vty 1 
switch_conf_line#autocommand pad 123456 


2.3.3 clear line 
Syntax 


To clear the designated line, run the following command: 
clear line {console | vty} number 
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Parameters 
Conform to the line command 
Command Mode 
Privileged mode 
Usage Guidelines 
None 
Example 
switch#clear line vty 0 
2.3.6 exec-timeout 
Syntax 


To set the max idle time of the terminal, run the following command: 
exec-timeout time 

To clear the max idle time of the terminal, run the following command: 
no exec-timeout time 


Parameters 


Parameters Description 


Idle time in seconds 


Value range: 0-86400 


time 


Default Value 
0 (no time-out limit) 
Command Mode 
Line configuration mode 
Usage Guidelines 


None 


Example 


The following example shows how to set the idle time of the line to 1 hour. 
switch_conf# line vty 1 
switch_config_line#exec-timeout 3600 


2.3.7 length 


Syntax 


To set the line number on the screen of the terminal, run the following command: 
length value 

To return to the default setting, use the no form of this command. 

no length 


Parameters 


Parameters Description 


Value range: 0 to 512. The value 0 means there is 
no pause. 


value 


Default Value 
24 

Command Mode 
Line configuration mode 

Usage Guidelines 
None 

Example 


To set the line number on the screen of the terminal to 200: 
switch_conf# line vty 1 
switch_config_line# length 200 


2.3.8 width 


Syntax 


To set the terminal width of the line, run the following command: 

width value 

To set the terminal width of the line to the default value, run the following command: 
no width 


Parameters 


Parameters 


Description 


value 


Value range: 0 to 256. The value 0 means no 
execution. 


Default Value 
80 

Command Mode 
Line configuration mode 

Usage Guidelines 
None 


Example 


The following example shows how to set the terminal width of the line to 100: 


switch_conf# line vty 1 
switch_config_line# width 100 


2.3.9 location 


Syntax 


To record the description of the current line, run the following command: 


location LINE 


To cancel the description of the current line, run the following command. 


no location 
Parameters 
Parameters Description 
LINE Description of the current line 


Default Value 
None 
Command Mode 


Line configuration mode 
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Usage Guidelines 
None 


Example 


The following example shows how to set the line description to “switchtest”: 


switch_conf# line vty 1 
switch_config_line# location switchtest 


2.3.10 login authentication 
Syntax 


To set line login authentication, run the following command: 
login authentication {default | WORD} 
To cancel the line login authentication parameter, run the following command. 


no login authentication 


Parameters 
Parameters Description 
default Default authentication mode 
WORD Name of the authentication list 


Default Value 
None 

Command Mode 
Line configuration mode 

Usage Guidelines 
None 

Example 


The following example shows how to set the authentication list of the line to test. 


switch_conf# line vty 1 
switch_config_line# login authentication default 
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2.3.11 monitor 


Syntax 


To export the log and debugging information to the line, run the following command: 


[no] monitor 
Parameters 
None 
Command Mode 
Line configuration mode 
Usage Guidelines 
None 


Example 


To export the log and debugging information to the line, run the following command: 


switch_conf# line vty 1 
switch_config_line#monitor 


2.3.12 no debug all 
Syntax 


To shut down all debugging output of the current VTY, run the following command: 


no debug all 


Parameters 
None 

Default Value 
None 

Command Mode 
Privileged mode 

Usage Guidelines 
None 

Example 


switch#no debug all 
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2.3.13 password 


Syntax 


To set the password for the terminal, run the following command: 
password {password | [encryption-type] encrypted-password } 
To cancel the password, run the following command. 


no password 


Parameters 
Parameters Description 
Password configured on the line, which is entered in 
password the plaintext form and whose maximum length is 30 


bits. 


[encryption-type] 
encrypted-password 


encryption-type means the encryption type of the 
password. Currently, products only support two 
encryption modes: 0 and 7. The number 0 means 
the password is not encrypted and the plaintext of 
password is directly entered. It is the same as the 
way of directly entering the password. The number 
7 means the password is encrypted through an 
algorithm. You need to enter the encryption text for 
the encrypted password. The encryption text can be 
copied from the configuration files of other OLT. 


Default Value 


None 


Command Mode 


Line configuration mode 


Usage Guidelines 


For password encryption, refer to the explanation of the commands 
password-encryption and enable password. 


Example 


The following example shows how to set the login password of VTY1 to test. 


switch_conf#line vty 1 


switch_conf_line#password test 


service 
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2.3.15 show debug 


Syntax 


To display all debugging information of the current VTY, run the following command: 


show debug 
Parameters 
None 
Default Value 


None 


Command Mode 
Other modes except the user mode 


Example 


Switch# show debug 

http authentication debug is on 
http cli debug is on 

http request debug is on 

http response debug is on 

http session debug is on 

http erro debug is on 

http file debug is on 

TELNET: 


Incoming Telnet debugging is on 


2.3.16 show line 


Syntax 


To display the status of the current effective line, run the following command: 
show line [{console | vty} number] 


Parameters 
The definition of other parameters conforms to that of the line command. 
Command Mode 


Others modes except the user mode 


Usage Guidelines 


All effective line statuses will be shown if there is no parameter. 


2.3.17 terminal length 


Syntax 


To change the line number on the current terminal screen, run the following command. The 
parameter can be obtained by the remote host. The rlogin protocol uses the parameter to 
notify the remote UNIX host. Run the no terminal length command to resume the default value: 
terminal length /ength 


no terminal length 


Parameters 
Parameters Description 
Line number displayed on each screen 
length 
Value range: 0-512 


Default Value 

Pause when 24 lines are displayed on the screen. 
Command Mode 

Global configuration mode, privileged mode 
Usage Guidelines 


This command only takes effect on the current terminal. When a session is terminated, the 
attributes of this terminal are also gone. 


Example 


The following example shows how to set the line number displayed on the terminal to 40: 
switch#terminal length 40 


Related Command 
line 
2.3.18 terminal monitor 


Syntax 


To display the output debug and the system error information, run the following command. To 
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shutdown the monitor, use the no form of this command. 
terminal monitor 


no terminal monitor 
Parameters 
None 
Default Value 
The system’s console port is enabled by default, while other terminals are disabled by default. 
Command Mode 
Global configuration mode, privileged mode 
Usage Guidelines 


This command only takes effect on the current terminal. When a session is terminated, the 
attributes of this terminal are also gone. 


Example 


The following example shows the information of debug output and system error: 
switch#terminal monitor 


Related Command 
line 
debug 
2.3.19 terminal width 


Syntax 


To set the character number in each line, run the following command. To return to the default 
setting, use the no form of this command. 
terminal width number 


no terminal width 


Parameters 
Parameters Description 
Character number of each line. The value ranges 
number 
from 0 to 256. 
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Default Value 
80 characters in each line 
Command Mode 
Global configuration mode, privileged mode 
Usage Guidelines 


This command only takes effect on the current terminal. When a session is terminated, the 
attributes of this terminal are also gone. 


Example 


The following example shows how to set the character number in each line to 40. 
switch#terminal width 40 


Related Command 
line 
2.3.20 terminal-type 
Syntax 


To set the terminal type, run the following command. To return to the default setting, use the no 
form of this command. 

terminal-type name 

[no] terminal-type [name] 


Parameters 
Parameters Description 
Terminal name Terminal types currently 
name 
supported are \VT100, ANSI andVT100J. 


Default Value 
ANSI 
Command Mode 
Line configuration mode 
Usage Guidelines 


None 
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Example 


The following example shows how to set the terminal type to VT100: 
switch_conf# line vty 1 
switch# terminal-type VT100 
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Chapter 3 Maintenance and Debugging Tool Commands 


3.1 Network Testing Tool Commands 
3.1.1 ping 
Syntax 


To test host accessibility and network connectivity, run the following command. After the ping 
command is run, an ICMP request message is sent to the destination host, and then the 
destination host returns an ICMP response message. 

ping [-a | -d | -f | -i source-ip-address | -j host1 [host2 host3 ---] | - k host1 [hostz2, 
host3 -+-] | -l length | -m interface | -n number | -r hops | -s tos | -t ttl | v | -w waittime | - 
b interval | -c ]* host 


Parameters 
Parameters Description 
= Sets ping all along until it is been interrupted. 
Default value: no setting. 
“d Sets not apply the routing table. Default value: no 
setting. 
-f Sets the DF digit (message is not segmented). If the 


message required to be sent is larger than the MTU 
of the path, the message will be dropped by the 
routing switch on the path and the routing switch will 
then return an ICMP error message to the source 
host. If network performance has problems, one 
node in the network may be configured to a small 
MTU. You can use the -f option to decide the 
smallest MTU on the path. Default value: No 
resetting 


-i Sets the source IP address of the message or the IP 


address of an interface. Default value: Main 
IP address of the message-sending 
interface 


source-ip-address Source IP address adopted by the message 


source-interface Message takes the IP address’ of _ the 
source-interface interface as the source address. 


- 48 


-+| host? — [host2 | Sets the relaxation source route. Default: Not set 

host3...] 

-k host? — [host2 | Sets the strict source route Default: Not set 

host3...] 

-l length Sets the length of ICMP data in the message. 
Default: 56 bytes 

-m interface Sets the port of forwarding packets. Default value: 
auto-identification 

-n number Sets the total number of messages. Default: 5 
messages 

-r hops Records routes. Up to hops routes are recorded. 
Default: not record 

-s fos Sets IP TOS of the message to tos. Default: 0 

-t tt! Sets IP TTL of the message to ttl. Default: 255 

-V Detailed output. Default value: simple output. 

-w waittime Time for each message to wait for response 
Default: 2 seconds 

-b interval Sets the time interval of sending ping packet. 
Unit: 10ms; Value range: 0-65535; Default Value: 0. 

-C Simple output 

host Destination host name or address 


Command Mode 

None 
Command Mode 

Privileged mode and global configuration mode 
Usage Guidelines 


The command supports that the destination address is the broadcast address or the multicast 
address. If the destination address is the broadcast address (255.255.255.255) or the 
multicast address, the ICMP request message is sent on all interfaces that support broadcast 
or multicast. The routing switch is to export the addresses of all response hosts. By pinging 
multicast address224.0.0.1, you can obtain the information about all hosts’ in 
directly-connected network segment that support multicast transmission. 

Press the Q key to stop the ping command. 


- 49 


Simple output is adopted by default. 


Parameters Description 


! Aresponse message is received. 


Response message is not received in the timeout 
time. 


U The message that the ICMP destination cannot be 
reached is received. 


Q The ICMP source control message is received. 

R The ICMP redirection message is received. 

T The ICMP timeout message is received. 

P The ICMP parameter problem message is received. 


The statistics information is exported: 


Parameters Description 


packets transmitted | Number of transmitted messages 


packets received Number of received response messages, excluding 
other ICMPmessages 


packet loss Rate of messages that are not responded to 
round-trip Minimum/average/maximum time of a round trip 
min/avg/max (ms) 

Example 


switch#ping -I 10000 -n 30 192.168.20.125 


PING 192.168.20.125 (192.168.20.125): 10000 data bytes 
Ta 


--- 192.168.20.125 ping statistics --- 
30 packets transmitted, 30 packets received, 0% packet loss 


round-trip min/avg/max = 50/64/110 ms 
3.1.2 traceroute 


Syntax 


To detect which routes have already reached the destination, run the following command. 

You can transmit to the destination the UDP packets (or ICMP ECHO packets) of different 
TTLs to confirm which routes have come to the destination. Each router on this path has to 
deduct 1 from the TTL value before forwarding ICMP ECHO packets. Speaking from this 
aspect, TTL is an effective hop count. When the TTL value of a packet is deducted to zero, the 
router sends back to the source system the ICMP timeout message. Send the first response 
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packet whose TTL is 1 and send TTL plus 1 subsequently until the target reaches to the max 
TTL. 

By checking the ICMP timetout message sent back by inter medial routers, you can confirm 
the routers. At the arrival of the destination, the traceroute sends a UPD packet whose port ID 
is larger than 30000; the destination node hence can only transmit back a Port Unreachable 
ICMP message. This reception of this message means the arrival of destination. 

traceroute [-i source-ip-address | -m source-interface | -j host1 [host2 host3 ...] | -k 
host1 [host2, host3 ...] | -p port-number | -q probe-count | -r hops | -t ttl | -w waittime | -x 
icmp]* host 


Parameters 


Parameters Description 


-i source-ip-address 


Sets the source IP address of packet. 


-m source-interface 


Sets the packet-transmitted port. 


-j host1 [host2 | Sets the relaxation source route. Default: Not set 
host3...] 

-k = host1 — [host2 | Sets the strict source route Default: Not set 
host3...] 


-p port-number Sets the ID of destination port that transmits UDP packets. 


Default value: 33434 Default: 33434 


-q probe-count Sets the number of packets that you detect each time. 


Default: 3 messages 


-r hops Records routes. Up to hops routes are recorded. Default: 
not record 

-t tt! Sets IP TTL of the message to ttl. Default: the minimum 
and maximum TTLs are 1 and 30 respectively. 

-w waittime Time for each message to wait for response Default: 3 
seconds 

-x icmp Sets the detection packet to be the ICMP ECHO packet. 
Default: UDP packet 

host Destination host 


Default Value 


None 
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Command Mode 
Privileged mode and global configuration mode 
Usage Guidelines 


The UDP packet is used for detection by default, but you can run —x icmp to replace it with 
ICMP ECHO for detection. 

If you want to stop traceroute, press q or Q. By default, the simple output information is as 
follows. 

Simple output is adopted by default. 


Parameters Description 
IN Receives an ICMP-route unreachable packet. 
!H Receives an ICMP-host unreachable packet. 
IP Receives an ICMP-protocol unreachable packet. 
IF Receives an ICMP unreachable (need to be 


fragmented) packet. 


IS Receive an ICMP unreachable (failing to detect the 
source-station route) packet. 


The statistics information is exported: 


Parameters Description 
hops max Means the maximum detection hops (the threshold 
of ICMP). 
byte packets Stands for the size of each detection packet. 


Example 


switch#traceroute 90.1.1.10 
traceroute to 90.1.1.10 (90.1.1.10), 30 hops max, 36 byte packets 
1 90.2.2.1 Oms Oms Oms 
2 90.1.1.10 Oms Oms Oms 


3.2 Fault Diagnosis Commands 


The chapter describes the commands used for fault diagnosis. All the following commands are 
used to detect the reason of the fault. You can use other commands to remove the fault, such 
as the debug command. 

The chapter only introduces the universal diagnosis commands. For more details, please refer 
to the Fault Diagnosis White Paper. 

The fault diagnosis commands include: 


®@ logging 
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® logging buffered 
® logging console 
® logging facility 

®@ logging monitor 
® logging on 

®@ logging trap 

® logging command 
® service timestamps 
® clear logging 

@ show break 

@ show debug 

® show logging 


@ show file_syn 
3.2.1 logging 


Syntax 


To display the state of logging (syslog), run the following command.To return to the default 
setting, use the no form of this command. 

logging A.B.C.D [level] 

no logging A.B.C.D [level] 


Parameters 
Parameters Description 
A.B.C.D IP address of the syslog server 
level Level of log information on the server Refer to table 
1. 


Default value 

The log information is not recorded to the server. 
Command Mode 

Global configuration mode 
Usage Guidelines 


The command can be used to record the log information to the designated syslog server. The 
command can be used for many times to designate multiple syslog servers. 
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Example 
Switch_config# logging 192.168.1.1 errors 
Related Command 
logging trap 
3.2.2 logging buffered 
Syntax 


To record the log information to the memory of the switch, run the following command. 
logging buffered {size | level } 


no logging buffered [size | level ] 


Parameters 
Parameters Description 
size Size of memory cache 
Value range: 4096-2147483647 Unit: byte 
level Information level of the log recorded to memory 
cache Refer to table 1. 


Default Value 

The information is not recorded to the memory cache. 
Command Mode 

Global configuration mode 
Usage Guidelines 


The command records the log information to the memory cache of the switch. The memory 
cache is circularly used. After the memory cache is fully occupied, the latter information will 
cover the previous information. 

You can use the show logging command to display the log information recorded in the memory 
cache of the switch. 

Do not use big memory for it causes the shortage of memory. 


Table 1 Level of log recording 


Prompt Leve Description Syslog Definition 


emergencies | 0 System unusable | LOG_ EMERG 
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alerts Immediate action |} LOG_ALERT 
needed 

critical Critical conditions | LOG_CRIT 

errors Error conditions LOG_ERR 

warnings Warning LOG_WARNING 
conditions 

notifications Normal but | LOG_ NOTICE 
significant 
condition 

informational Informational LOG_INFO 
messages only 

debugging Debugging LOG _ DEBUG 
messages 

Example 


Switch_config# logging buffered 


Related Command 


clear logging 
show logging 


3.3.3 logging console 


Syntax 


To control the information volume displayed on the console, run the following command. 


errors 


To forbid the log information to be displayed on the console, use the no form of this command. 


logging console /evel 
no logging console [level] 


Parameters 
Parameters Description 
level Information level of the logs displayed on the 
console Refer to table 2. 


Default Value 


The log level displayed on the console port is debugging by default. 
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Command Mode 
Global configuration mode 
Usage Guidelines 


After the information level is specified, information of this level or the lower level will be 
displayed on the console. 

Run the command show logging to display the currently configured level and the statistics 
information recorded in the log. 


Table 2 Level of log recording 


Prompt Leve | Description Description 


emergencies | 0 System unusable | LOG EMERG 


alerts 1 Immediate action |} LOG_ALERT 
needed 

Critical 2 Critical conditions | LOG_CRIT 

errors 3 Error conditions LOG_ERR 

warnings 4 Warning LOG_WARNING 
conditions 

notifications 5 Normal but | LOG NOTICE 
significant 
condition 

informational | 6 Informational LOG_INFO 


messages only 


debugging 7 Debugging LOG_DEBUG 
messages 


Example 
Switch_config# logging console alerts 
Related Command 
logging facility 
show logging 
3.3.4 logging facility 
Syntax 


To record specified error information, run the following command. To restore to local7, use the 
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no form of this command. 
logging facility facility-type 
no logging facility 


Parameters 
Parameters Description 
facility-type Facility type Refer to table 3. 


Default Value 
local7 

Command Mode 
Global configuration mode 


Usage Guidelines 


Table 3 Facility type 


Type Description 
auth Authorization system 
cron Cron facility 
daemon System daemon 
kern Kernel 
local0-7 Reserved for locally defined messages 
Ipr Line printer system 
mail Mail system 
news USENET news 
sys9 System use 
sys10 System use 
sys11 System use 
sys12 System use 
sys13 System use 
sys14 System use 
syslog System log 
user User process 
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uucp UNIX-to-UNIX copy system 


Example 


The following example shows how to set the recorded information to kernel: 
Switch_config# logging facility kern 


Related Command 
logging console 
3.3.5 logging monitor 


Syntax 


To control the information volume displayed on the terminal line, run the following command. 
To forbid the log information to be displayed on the terminal line, use the no form of this 
command. 

logging monitor /evel 

no logging monitor [level] 


Parameters 
Parameters Description 
level Information level of the logs displayed on the 
terminal line Refer to table 4. 


Default Value 
debugging 

Command Mode 
Global configuration mode 

Usage Guidelines 


Table 4 Level of log recording 


Prompt Lev | Description Description 
el 
emergencies | 0 System is | LOG_EMERG 
unusable 
alerts 1 Immediate action | LOG_ALERT 
needed 


- 58 


Critical Critical conditions ); LOG_CRIT 

errors Error conditions LOG_ERR 

warnings Warning LOG_WARNING 
conditions 

notifications 5 Normal but | LOG NOTICE 
significant 
condition 

informational | 6 Informational LOG_INFO 
messages only 

debugging 7 Debugging LOG_DEBUG 
messages 


Example 


The following example shows how to control the information volume displayed on the terminal line as 
the error information: 
Switch_config# logging monitor errors 


Related Command 
terminal monitor 
3.3.6 logging on 


Syntax 


To control the recording of error information, run the following command. 
To forbid all records, use the no form of this command. 

logging on 

no logging on 


Parameters 
None 
Default Value 
logging on 
Command Mode 
Global configuration mode 
Example 


switch_config# logging on 
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switch_config# *Z 
Configured from console 0 by DEFAULT 
switch# ping 192.167.1.1 


switch#ping 192.167.1.1 

PING 192.167.1.1 (192.167.1.1): 56 data bytes 

--- 192.167.1.1 ping statistics --- 

5 packets transmitted, 5 packets received, 0% packet loss 

round-trip min/avg/max = 0/4/10 ms 

P: s=192.167.1.111 (local), d=192.167.1.1 (GigaEthernet1/1), g=192.167.1.1, 
len=84, sending 

IP: s=192.167.1.1  (GigaEthernet1/1), d=192.167.1.111 (GigaEthernet1/1), 
len=84 ,rcvd 

IP: s=192.167.1.111 (local), d=192.167.1.1 (GigaEthernet1/1), g=192.167.1.1, 
len=84, sending 

IP: s=192.167.1.1 (GigaEthernet1/1), d=192.167.1.111 (GigaEthernet1/1), 
len=84 ,rcvd 

IP: s=192.167.1.111 (local), d=192.167.1.1 (GigaEthernet1/1), g=192.167.1.1, 
len=84, sending 

IP: s=192.167.1.1  (GigaEthernet1/1), d=192.167.1.111 (GigaEthernet1/1), 
len=84 ,rcvd 

IP: s=192.167.1.111 (local), d=192.167.1.1 (GigaEthernet1/1), g=192.167.1.1, 
len=84, sending 

IP: s=192.167.1.1 (GigaEthernet1/1), d=192.167.1.111 (GigaEthernet1/1), 
len=84 ,rcvd 

IP: s=192.167.1.111 (local), d=192.167.1.1 (GigaEthernet1/1), g=192.167.1.1, 
len=84, sending 

IP: s=192.167.1.1 (GigaEthernet1/1), d=192.167.1.111 (GigaEthernet1/1), 
len=84 ,rcvd 


switch_config# no logging on 


switch_config# *Z 

switch# 

switch# ping 192.167.1.1 

PING 192.167.1.1 (192.167.1.1): 56 data bytes 

--- 192.167.1.1 ping statistics --- 

5 packets transmitted, 5 packets received, 0% packet loss 
round-trip min/avg/max = 0/4/10 ms 


Related Command 


logging 

logging buffered 
logging monitor 
logging console 
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3.3.7 logging trap 


Syntax 


To control the information volume recorded to the syslog server, run the following command. 
To forbid the information to be recorded to the syslog server, use the no form of this command. 


logging trap /eve/ 
no logging trap [level] 


Parameters 
Parameters Description 
level Information level of the logs displayed on the 
terminal line Refer to table 5. 


Default Value 
Informational 

Command Mode 
Global configuration mode 


Usage Guidelines 


Table 5 Level of log recording 
Prompt Lev | Description Description 
el 
emergencies | 0 System is | LOG_EMERG 
unusable 
alerts 1 Immediate action | LOG_ALERT 
needed 
Critical 2 Critical conditions | LOG_CRIT 
errors 3 Error conditions LOG_ERR 
warnings 4 Warning conditions | LOG_WARNING 
notifications 5 Normal but | LOG NOTICE 
significant 
condition 
informational | 6 Informational LOG_INFO 
messages only 
debugging 7 Debugging LOG_DEBUG 
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messages 


Example 


Switch_config# logging 192.168.1.1 
Switch_config# logging trap notifications 


Related Command 
logging 
3.3.8 logging command 


Syntax 


To enable the command execution recording, run logging command. After this function is 
enabled will be generated for each of all entered commands, in which the line to execute this 
command, the command line, the execution result, the login line and the login address will be 
recorded. 

logging command [hide] 

To disable this function, use the no form of this command. 

no logging command 


Parameters 
Parameter Parameter Description 
hide hide mode 


Default Value 
no logging command 
Command Mode 
Global configuration mode 
Example 
Switch_config#logging command 
Switch_config#Jul 11 15:26:56 %CMD-6-EXECUTE: ‘logging command ° return 0, 
switch(vty 0, 192.168.25.42). 


Related Command 


logging 
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3.3.9 logging source-interface 


Syntax 


To set the source port of log exchange, run the following command. 
To disable this function, use the no form of this command. 

logging source-interface interface 

no logging source-interface 


Parameters 
Parameter Parameter Description 
interface Source address port 


Default Value 
no logging source-interface 
Command Mode 
Global configuration mode 
Example 
Switch_config# logging source-interface vlan 1 
Related Command 
logging 
3.3.10 logging history alerts 


Syntax 


To set the level of the historical log table to alerts (need to act immediately), run the following 
command. 
[no] logging history alerts 


Parameters 
None 
Default Value 


logging history warnings 
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Command Mode 
Global configuration mode 
Example 
Switch_config#logging history alerts 
Related Command 
logging 
3.3.11 logging history critical 
Syntax 


To set the level of the historical log table to critical, run the following command. 
logging history critical 
[no] logging history critical 


Parameters 

None 
Default Value 

logging history warnings 
Command Mode 

Global configuration mode 
Example 

Switch_config#logging history critical 
Related Command 

logging 

3.3.12 logging history debugging 
Syntax 


To set the level of the historical log table to debugging, run the following command. 


[no] logging history debugging 
Parameters 


None 
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Default Value 

logging history warnings 
Command Mode 

Global configuration mode 
Example 

Switch_config#logging history debugging 
Related Command 

logging 

3.3.13 logging history emergencies 
Syntax 


To set the level of the historical log table to emergencies, run the following command: 
logging history emergencies 
[no] logging history emergencies 


Parameters 
None 
Default Value 
logging history warnings 
Command Mode 
Global configuration mode 
Example 
Switch_config#logging history emergencies 
Related Command 
logging 
3.3.14 logging history errors 
Syntax 


To set the level of the historical log table to errors, run the following command: 
[no] logging history errors 
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Parameters 

None 
Default Value 

logging history warnings 
Command Mode 

Global configuration mode 
Example 

Switch_config#logging history errors 
Related Command 

logging 

3.3.15 logging history informational 


Syntax 


To set the level of the historical log table to informational, run the following command: 
[no] logging history informational 


Parameters 

None 
Default Value 

logging history warnings 
Command Mode 

Global configuration mode 
Example 

Switch_config#logging history informational 
Related Command 

logging 

3.3.16 logging history notifications 
Syntax 


To set the level of the historical log table to notifications, run the following command: 
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[no] logging history notificaitons 
Parameters 

None 
Default Value 

logging history warnings 
Command Mode 

Global configuration mode 
Example 

Switch_config#logging history notifications 
Related Command 

logging 

3.3.17 logging history warnings 


Syntax 


To set the level of the historical log table to warnings, run the following command: 


[no] logging history warnings 
Parameters 

None 
Default Value 

logging history warnings 
Command Mode 

Global configuration mode 
Example 

Switch_config#logging history warnings 
Related Command 


logging 
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3.3.18 logging history rate-limit 


Syntax 


To set the log output rate, run the following command. 


logging history rate-limit rate 


To return to the default setting, use the no form of this command. 


no logging history rate-limit 


Parameters 
Parameters Description 
rate Stands for the number of logs which are exported 
each second. The value ranges from 1 to 512. 


Default Value 
logging history rate-limit 0 
Command Mode 
Global configuration mode 


Example 


Switch_config#logging history rate-limit 256 


Related Command 


logging 
3.3.19 logging history size 


Syntax 


To set the number of entries in the historical log table, run the following command. 


logging history size size 


Parameters 
Parameters Description 
size Stands for the number of historical log entries. The 
value ranges from 1 to 500. 


Default Value 


logging history size 0 
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Command Mode 

Global configuration mode 
Example 

Switch_config#logging history size 256 
Related Command 


logging 


3.3.20 service timestamps 


Syntax 


To set configure the time stamp that is added when the system is debugged or records the log 
information, run the following command. 

To cancel the time stamp that is added when the system is debugged or records the log 
information, use the no form of this command. 

service timestamps {log|debug} {uptime| datetime}] 

no service timestamps {log|debug} 


Parameters 
Parameters Description 
log Adds the time stamp before the log information. 
debug Adds the time stamp before the debug information. 
uptime Duration between the startup of the switch and the 
current time 
datetime Real-time clock time 


Default Value 


service timestamps log date 
service timestamps debug date 


Command Mode 
Global configuration mode 
Usage Guidelines 


The time stamp in the uptime form is displayed like HHHH:MM:SS, meaning the duration from 
the start-up of the switch to the current time. 
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The time stamp in the date form is displayed like YEAR-MON-DAY HH:MM:SS, meaning the 
real-time clock time. 


Example 
Switch_config# service timestamps debug uptime 
3.3.21 clear logging 
Syntax 


To clear the log information recorded in the memory cache, run the following command. 
clear logging 


Parameters 
None 

Default Value 
None 

Command Mode 
Privileged mode 

Related Command 


logging buffered 


show logging 
Example 
Switch_config# service timestamps debug uptime 
3.3.22 show break 


Syntax 


To display the information about abnormal breakdown of the switch, run the following 
command. 
show break 


Parameters 
None 
Default Value 


None 
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Command Mode 
Other modes except the user mode 
Usage Guidelines 


The command can be used to display the information about abnormal breakdown of the switch, 
helping to find the cause of the abnormality. 


Example 


Switch#show break 


BreakNum: 1 
Exception Type:300-Data Access Interrupt 
date: 2014-4-14 time: 15:31:2 
RO =00000004 R1 =07f54e88 R2 =00000000 R3 =00000004 
R4 =00000000 R5 =00000010 R6 =O0000000f R77 = Offfffff 
R8 =00000001 R9 =00000000 R10 =00552a34 R11 =014d23f0 
R12 = 24002048 R13=00000000 R14=01d7fbbc R15 = 00000000 
R16 = 00000000 R17 =00000000 R18=00000000 R19 =00000001 
R20 =0000000e R21 =01a491a0 R22=00000002 R23 = 00000000 
R24 = 00000000 R25=00000000 R26=07f5565c R27 = 00000000 
R28 = 00000000 R29=00000002 R30=07f5565c R31 = 00000011 
MSR = 00029210 LR =00552a04 CTR=00552a34 IP =00552a38 
dear = 00000000 bear = 00000000 _besr = 00000000 
call procedure-- 
0x005529f8-- 
0x00597388-- 
0x005528c4-- 
0x005960cc-- 
0x0059506c-- 
0x0088d9cc-- 
0x0088ef30-- 
0x00862fe0-- 
0x011ee6ec-- 
0x00000000-- 
The whole displayed content can be divided into six parts: 
1. RROR:file function.map not found 
The prompt information means that the system has not been installed the software 
function.map, which does not affect the system running. 
If the version of the software function.map is not consistent with that of the switch, the system 
prompts that the version is not consistent. 
2. Exception Type—Abnormal hex code plus abnormal name 
3. BreakNum 
It is the current abnormal number. It means the number of abnormalities that the system has 
since it is powered on in the latest time. It is followed by the time when the abnormality occurs. 
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4. Content of the register 

The common content of the register is listed out. 

5. Variable area 

The content in the stack is listed out. 

6. Calling relationship of the number 

If the map file is not installed on the system, only the function's address is displayed. If the map 
file is installed on the system, the corresponding function name, .o file name and .a file name 
are displayed. 

The calling relationship is from bottom to top. 


3.3.23 show debug 
Syntax 


To display all the enabled debugging options of the switch, run the following command. 
show debug 


Parameters 

None 
Command Mode 

Other modes except the user mode 
Example 


switch# show debug 


Crypto Subsystem: 
Crypto Ipsec debugging is on 
Crypto Isakmp debugging is on 
Crypto Packet debugging is on 


Related Command 
debug 
3.3.24 show logging 
Syntax 


To display the state of logging (syslog), run the following command. 
show logging 


Parameters 


None 
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Command Mode 
Other modes except the user mode 
Usage Guidelines 


The command can be used to display the state of logging (syslog), including the login 
information about the console, monitor and syslog. 


Example 


switch# show logging 

Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) 
Console logging: level debugging, 66 messages logged 
Monitor logging: level debugging, 0 messages logged 


Buffer logging: disabled 
Trap logging: level informational, 0 message lines logged 


Related Command 


clear logging 
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Chapter 4 SSH Configuration Commands 


4.1 ip sshd enable 
Syntax 


ip sshd enable 
no ip sshd enable 


Parameters 
None 

Default Value 
Disabled 

Usage Guidelines 


The command can be used to generate the rsa encryption key and then monitor the 
connection to the ssh server. The process of generating encryption key is a process of 
consuming the calculation time. It takes one or two minutes. 


Command Mode 
Global configuration mode 
Example 


In the following example, the SSH service is generated. 
switch_config#ip sshd enable 


4.2 ip sshd timeout 
Syntax 


To set the timeout for the link without passing the authentication, run the following command: 
ip sshd timeout time-/ength 

To return to the default setting, use the no form of this command. 

no ip sshd timeout 


Parameters 
Parameters Description 
time-length Maximum time from the establishment of connection to the 
authentication approval;Value range: 60-65535 
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Default Value 
180 seconds 
Usage Guidelines 


To prevent the illegal user from occupying the connection resources, the connections that are 
not approved will be shut down after the set duration is exceeded. 


Command Mode 
Global configuration mode 
Example 


In the following example, the timeout time is set to 360 seconds 
Switch_config#ip sshd timeout 360 


4.3 ip sshd auth-method 


Syntax 


To set ssh authentication method list, run the following command. 
To return to the default setting, use the no form of this command. 
ip sshd auth-method method 

no ip sshd auth-method 


Parameters 
Parameters Description 
method Sets authentication method list. The length of the 
authentication method's name is no more than 20 
characters. 


Default Value 
The default authentication method list is used. 
Usage Guidelines 
The ssh server uses the authentication method list of the login type. 
Command Mode 
Global configuration mode 
Example 


In the following example, an auth-ssh authentication method list is configured and it is applied 
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to the ssh server: 


Switch_config#aaa authentication login auth-ssh local 
Switch_config#ip sshd auth-method auth-ssh 


4.4 ip sshd access-class 


Syntax 


To set access control list for ssh server, run the following command: 
ip sshd access-class access-list 

To return to the default setting, use the no form of this command. 
no ip sshd access-class 


Parameters 
Parameters Description 
access-list Standard IP access list The length of the access list's name 
is no more than 20 characters. 


Default Value 
No access control list 
Usage Guidelines 


The command can be used to configure the access control list for the ssh server. Only the 
connections complying with the regulations in the access control list can be approved. 


Command Mode 
Global configuration mode 
Example 


In the following example, an ssh-accesslist access control list is configured and applied in the 
ssh server: 


Switch_config# ip access-list standard ssh-accesslist 
Switch_config_std_nacl# deny 192.168.20.40 
Switch_config#ip sshd access-class ssh-accesslist 


4.5 ip sshd auth-retries 


Syntax 


To set the retry times for authentication when the user fails, run the following command: 
ip sshd auth-retries times 

To return to the default setting, use the no form of this command. 

no ip sshd auth-retries 
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Parameters 


Parameters Description 


times Maximum re-authentication times; Value range: 0-65535 


Default Value 
6 times 
Usage Guidelines 
The connection will be shut down when the re-authentication times exceeds the set times. 
Command Mode 
Global configuration mode 
Example 


In the following example, the maximum re-authentication times is set to five times: 
Switch_config#ip sshd auth-retries 5 


4.6 ip sshd clear 
Syntax 


To remove the ssh connection with a specified ID compulsorily, run the following command: 
ip sshd clear /D 


Parameters 


Parameters Description 


ID Number of the SSH connection to the local device; Value 
range: 0-15 


Default Value 
None 
Command Mode 
Global configuration mode 
Usage Guidelines 


The command can be used to disable the incoming ssh connection with the specified number 
compulsorily. You can run the command show ssh to check the current incoming connection’s 
number. 
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Example 


In the following example, the No.0 incoming connection is mandatorily closed: 
Switch_config#ip sshd clear 0 


4.7 ip sshd silence-period 


Syntax 


To set the silence period of SSH login, run the following command: 
ip sshd silence-period time-/ength 
To return to the default setting, use the no form of this command: 


no ip sshd silence-period 


Parameters 
Parameters Description 
time-length Means the time of the silence, which ranges from 0 to 3600. 


Default Value 
60s 


Usage Guidelines 


The command can be used to set the login silence period. After the accumulated login failures 
exceed a certain threshold, the system regards that there exist attacks and disables the SSH 
service in a period of time, that is, the system enters the login silence period. 
The silence period is set by the ip sshd silence-period command. The default silence period is 
60 seconds. The allowable login failures are set by the ip sshd auth-retries command, whose 


default value is 6. 


Command Mode 


Global configuration mode 


Example 


The following example shows how to set the silence period to 200 seconds. 
switch_config#ip sshd silence-period 200 


4.9 ip sshd save 


Syntax 


To save the initial password, run the following command. 


ip sshd save 


To return to the default setting, use the no form of this command. 
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no ip sshd save 
Parameters 
None 
Default Value 
None 
Command Mode 
Global configuration mode 
Usage Guidelines 


The command can be used to save the initial key. When the SSH server is restarted, the key 
will be first read from the flash; if the key reading is successful, the recalculation of key will be 
avoided and the startup time will be shortened. 


Example 


The following example shows how to enable the key protection function. 
switch_config#ip sshd save 


4.10 ip sshd disable-aes 
Syntax 


To forbid aes algorithm during the process of encryption algorithm negotiation, run the following 
command. 

ip sshd disable-aes 

To return to the default setting, use the no form of this command. 

no ip sshd disable-aes 


Parameters 

None 
Default Value 

The AES encryption algorithm is forbidden. 
Usage Guidelines 


The command can be used to decide whether to use the AES algorithm during the encryption 
algorithm negotiation. The AES algorithms such as aes128-cbc and aes256-cbc are not used 
by default. 


-79 


Command Mode 


Global configuration mode 


Example 


The following example shows how to disable the AES encryption algorithm. 
switch_config#ip sshd disable-aes 


4.11 ssh 


Syntax 


To set connection with the remote ssh server, run the following command: 
ssh -I userid -d destiP [-c {des|3des|blowfish }] [-o numberofpasswdprompts] [-p port] [-v 


{1]2}] 


Parameters 


Parameters Description 

—I userid User account on the server 

—d destIP Destination IP address in the dotted decimal system 

-O Re-authentication times after the first authentication fails; 

numberofpassw | Actual re-authentication times is the set value plus the 

dprompts smallest value set on the server. Its default value is three 
times. Value range: 0-65535 

-p port Port number that the server monitorslts default value is 22. 


Value range: 0-65535 


-C 
{des|3des|blo 
wfish} 


Encryption algorithm used during communicationThe 


encryption algorithm is 3des by default. 


-v version 


Specified version number 


Default Value 


N/A 


Command Mode 


Privileged mode, user mode and global configuration mode 


Usage Guidelines 


The command can be used to create a connection with the remote ssh server. 
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Example 


The following example shows how a connection with the ssh server whose IP address is 
192.168.20.41 is created. The account is zmz and the encryption algorithm is blowfish: 
device# ssh -I zmz —d 192.168.20.41 —c blowfish 


4.12 show ssh 
Syntax 


To show session on ssh server of the device, run the following command: 
show ssh 


Parameters 
None 
Default Value 
None 
Usage Guidelines 
The command can be used to display the sessions on the ssh server. 
Command Mode 
Other modes except the user mode 
Example 


The following example shows the sessions on the ssh server: 
Switch#show ssh 


4.13 show ip sshd 
Syntax 


To show the current status of ssh server, run the following command: 
show ip sshd 


Parameters 
None 
Default Value 


None 
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Usage Guidelines 


The command can be used to display the current state of the ssh server. 


Command Mode 
Other modes except the user mode 


Example 


In the following example, the current state of the ssh server is displayed: 


device# show ip sshd 


- 82 


